Use default SSLSocketFactory to solve TrustManager security vulnerability reported by Google Play

rhymelph / r_scan

📷🖨Flutter二维码&条形码扫描插件，支持相机、文件、链接、Uint8List类型扫描

https://juejin.im/post/5dd8efb1e51d452314438515

BSD 3-Clause "New" or "Revised" License

119 stars 79 forks source link

Use default SSLSocketFactory to solve TrustManager security vulnerability reported by Google Play #29

Closed masewo closed 4 years ago

masewo commented 4 years ago

If you try to publish an app that uses this plulgin on Google Play, Google Play will report a security vulnerability because a custom TrustManager is used that overrides methods checkClientTrusted and checkServerTrusted with empty bodies.

To solve this issue we can use the default SSLSocketFactory.

KingWu commented 4 years ago

will merge it?

KingWu commented 4 years ago

Will have this compile error

 /ios/Pods/gRPC-C++/src/core/lib/iomgr/error.h:22:10: fatal error: 'grpc/support/port_platform.h' file